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FIG.3 

SUSPICIOUS ATTACK DETECTION CONDITION TABLE 

13a 



NO. 



DETECTION ATTRIBUTES 



DETECTION 
THRESHOLD 



DETECTION 
TIME 



{Dst= 1 92. 1 68. 1 . 1 / 32, Protocol =TC P, Port= 80} 



500 Kbps 



10 

SECONDS 



Pst=1 92.1 68.1 .2/32,Protocol=U DP} 



300 Kbps 



10 

SECONDS 



3 



flDst=192.168.1.1/24} 



1000 Kbps 



20 

SECONDS 



FIG.4 

ILLEGITIMATE TRAFFIC DETECTION CONDITION TABLE 

J3b 



NO. 


ILLEGITIMATE TRAFFIC CONDITIONS 


1 


PACKETS AT OR MORE ARE CONTINUOUSLY TRANSMITTED FOR 
SI SECONDS OR MORE 


2 


ICMP/Echo Reply PACKETS AT T2 Kbps OR MORE ARE 
CONTINUOUSLY TRANSMITTED FOR S2 SECONDS OR MORE 


3 


FRAGMENT PACKETS AT T3 Kbps OR MORE ARE 
CONTINUOUSLY TRANSMITTED FOR S3 SECONDS OR MORE 







FIG.5 

LEGITIMACY CONDITION TABLE 
13c 



NO. 


DETECTION ATTRIBUTES 


1 


^Src= 172.1 6.1 0.0/24} 


2 


{TO 8=0x01} 
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FIG. 6 

SIGNATURE LIST 
/16a 



SIGNATURE TYPE 


PRIORITY 


PRIORITY 
ORDER 


SIGNATURE 


SET SIGNATURE 

r ILLEGITIMATE SIGNATURE 
■SUSPECT SIGNATURE 


HIGHEST 
PRIORITY 


1 


SIGNATURE A 


2 


SIGNATURE B 


•■ 




X-1 




ILLEGITIMATE SIGNATURE 


HIGH 


X 


SIGNATURE C 


X+1 








Y-1 




LEGITIMATE SIGNATURE 


MEDIUM 


Y 


SIGNATURE D 


. Y+1 








Z-1 




SUSPICIOUS SIGNATURE 


LOW 


z 


SIGNATURE E 


Z+1 


SIGNATURE F 
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FIG.7 



( START ^ 
► 



DETECT SUSPICIOUS ATTACKING TRAFFIC 




GENERATE SUSPICIOUS SIGNATURE AND 

LEGITIMATE SIGNATURES 




DETERMINE PRIORITY ORDERS 



S3 



REGISTER SUSPICIOUS SIGNATURE AND 
LEGITIMATE SIGNATURES IN FILTERING UNIT 



S4 





SEND SUSPICIOUS SIGNATURE AND 
LEGITIMACY CONDITIONS TO ADJACENT 
RELAYING DEVICES 







Obion, Spivak, et al. 

703-413-3000 

Docket # 284766US90PCT 

Sheet 6 of? 



6/7 



FIG.8 





f 


► 


RECEIVE SUSPICIOUS SIGNATURE AND 1 
LEGITIMACY CONDITIONS 






GENERATE LEGITIMATE SIGNATURES | 






DETERMINE PRIORITY ORDERS | 




f 


REGISTER SUSPICIOUS SIGNATURE AND 1 
LEGITIMATE SIGNATURES IN FILTERING UNIT 1 




f 


SEND SUSPECT SIGNA1 
CONDITIONS TO ADJACE 


rURE AND LEGITIMACY 
ENT RELAYING DEVICES 



S11 



S12 



S13 



S14 



S15 
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FIG.9 



( START ^ 



DETECT ILLEGITIMATE TRAFFIC 



GENERATE ILLEGITIMATE SIGNATURE 



DETERMINE PRIORITY ORDER 



S21 



S22 



S23 



REGISTER ILLEGITIMATE SIGNATURE IN FILTERING UNIT S24 



